CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
SUPPLYSHIELD combines large-scale AI systems with human validation to maintain secure versions of libraries across the full dependency tree. When new vulnerabilities are disclosed, the platform ...
Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...
At first glance, choosing the best container base image for a Java application may seem simple enough. Teams tend to approach the issue by optimizing layer by layer: they choose the smallest base ...
Opinion: Time and again, I see people begging for companies with deep pockets to fund open source projects. I mean, after all, ...
Chainguard is racing to fix trust in AI-built software - here's how ...
Soroosh Khodami discusses why we aren't ready ...
A monthly overview of things you need to know as an architect or aspiring architect.
The collapse of Market Financial Solutions follows a familiar and concerning pattern. According to documents submitted to London’s High Court at the commencement of its administration process, MFS may ...